Sign in
Security Research & Defense
Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance
Connect
Postings are provided "AS IS" with no warranties, and confers no rights.
Get alerts when we update our blog!
Tags
.NET Framework
ActiveX
Adobe
ATL
Attack
Attack Surface Reduction
Attack Vector
authentication bypass
AutoPlay
AutoRun
CanSecWest
classid
clsid
COM
Defense-in-depth
DEP
detection
disassembly
dns
EMET
Exploitability
exploitation
FixIt
Font
full-disclosure
gdiplus
GS
HTML
ICMP
IE
IGMP
IIS
Internet Explorer (IE)
ISATAP
kernel
Killbit
malware
Man-in-the-Middle
Microsoft Office
Mitigations
ModSecurity
MS08-001
MS08-067
MS09-032
MS09-034
MS09-035
MS09-056
MS09-061
MS09-062
MS09-063
MS09-064
MS09-065
MS12-043
MSHTML
msmq
msvidctl
MSXML
MSXML5
multicast group
netmon
network
network capture
network protocol
NTLM
Open XML
phoenix bit
PKI
ProbeForRead
ProbeForWrite
protocol handlers
quartz.dll
rating
registry
Risk Asessment
RPC
safe for initialization
safe for scripting
Schannel
Security Bulletin
Security Science
Security Tools
security zones
SharePoint
signing
SMB
spoofing
SQL
SQL Injection
timing attack
TLS
tools
Visual Studio
win32k.sys
Windows Media components
WINS
Workarounds
XBAP
XSS
XSS Filter
Zero-Day Exploit
Browse by Tags
TechNet Blogs
>
Security Research & Defense
>
All Tags
>
.net framework
Tagged Content List
Blog Post:
MS12-025 and XBAP: No longer a driveby threat
swiat
One of the security bulletins released today, MS12-025 , addresses a code execution vulnerability in the .NET Framework. To exploit the vulnerability, an attacker would build a malicious XBAP application and lure victims to a malicious website serving the XBAP. The good news is that a zero-click “driveby”...
on
10 Apr 2012
Blog Post:
ASP.NET security update is live!
swiat
Today we released MS11-100 , addressing a newly disclosed denial-of-service vulnerability affecting several vendors’ Web application platforms, including Microsoft’s ASP.NET. Yesterday, we posted an SRD blog describing the vulnerability and the detection and workaround opportunities. With...
on
29 Dec 2011
Blog Post:
More information about the December 2011 ASP.Net vulnerability
swiat
Today, we released Security Advisory 2659883 alerting customers to a newly disclosed denial-of-service vulnerability affecting several vendors’ web application platforms, including Microsoft’s ASP.NET. This blog post will cover the following: Impact of the vulnerability How to know...
on
27 Dec 2011
Blog Post:
Assessing the risk of the June security updates
swiat
Today we released 16 security bulletins. Nine have a maximum severity rating of Critical and seven have a maximum severity rating of Important. This release addresses several publicly disclosed vulnerabilities. We hope that the table below helps you prioritize the deployment of the updates appropriately...
on
14 Jun 2011
Blog Post:
MS11-044: JIT compiler issue in .NET Framework
swiat
Today we have released MS11-044 to address CVE-2011-1271, a remote code execution vulnerability in the .NET framework. Here we would like to provide more technical information about this vulnerability and why we believe this issue to be unlikely to be exploited. This root cause of CVE-2011-1271 is...
on
14 Jun 2011
Blog Post:
MS10-041: XML Signature HMAC Truncation Bypass Vulnerability
swiat
Today we released MS10-041 addressing an issue in the implementation of the XML signature functionality in the .NET Framework with an Important severity rating. We’d like to shed more light on that case here. Am I at risk? No Microsoft products are subject to this vulnerability. However...
on
8 Jun 2010
Blog Post:
MS09-061: More information about the .NET security bulletin
swiat
MS09-061 fixes vulnerabilities in the .NET Framework which could allow malicious .NET applications execute arbitrary native code, resulting in remote code execution. This post is intended to help clarify the attack vectors for these vulnerabilities, and to cover recommended workarounds. Important...
on
12 Oct 2009
Page 1 of 1 (7 items)